Liability for Computer Errors Not covered in textbook Computer errors • A range of possible consequences – – – – Seconds lost Data lost $ - $$$ Injuries and deaths • Examples: – – – – Disfranchised voters False arrests Price & billing errors Air traffic control, airplane control Intrinsic & Extrinsic software • Intrinsic: – Software that is part of a completed product • Extrinsic: – Loaded onto the computer or machine of the user, user directly encounters The Therac-25 Case • Radiation therapy machine • Typical system malfunctions number 40x day The Therac-25 case cont’d • 20 month period, overdoses to 6 patients, directly killing 3. • Previous models, 6 & 20 – Differences to the 25? • Chronology of accidents – Please see http://computingcases.org/case_materials/therac /supporting_docs/therac_case_narr/therac_toc.ht ml What was wrong with the Therac-25 programming? • 2 modes – X-ray: high intensity beam deflected by tungsten target – Electron: removes tungsten & reduces beam intensity by factor of 100 • Quickly changing* (data entry editing) between mode resulted in electron mode not dropping the beam intensity – * If the operator was able to edit and start < 8 seconds • Use of a Race condition – 2 or more tasks sharing a variable, order that each is encountered can affect behavior of the program – The Therac-25 no longer had the hardware safety feature Therac 25 • Problems – – – – No fail safe No dose reporting Complicated programming Re-use of code • Who had moral and/or legal responsibility? – Harm shown – Was there intent? – Was there negligence? • Define negligence Extrinsic Software Failures • With these examples, companies or individuals are buying software for what it can do for them. – Disclaiming liability for problems through warranties Software Warranties • Limiting liability to: – A refund of the purchase price – Repair of the software product • Accepting no liability for – Business losses arising out of the use of the product • Enforceability of these disclaimers? – UCC & the Magnuson-Moss Warranty Act – Mix of case law Extrinsic Business Software Failures NCR’s Warehouse Manager • Warehouse Manager was an inventory program. It was developed for a different operating system than it was deployed for. • The “deadly embrace” • NCR continued selling it, claiming 200 successful installs, but that was actually on other op sys. – When problems reported, told customers that was “unique” NCR cont’d • Hopper bought the system. – Did not get honest disclosure from NCR. • NCR sold it to him after product had been discontinued. – Errors about inventory and pricing resulted. • $114 item listed for 54 cents; $17 item listed as on sale for $30. – Hopper was operating a successful co., but after adoption of WM income was half. • Processes took to long & were inaccurate. Inventory inaccuracies NCR conclusion • Hopper tried to sue NCR for $4.2 million. • However, the sales agreement signed by Hopper stated that in the event of problems, NCR was only responsible for the original cost of the software minus the depreciation of the equipment. • The agreement also had an arbitration clause, so the court refused the case. ProCD v. Zeidenberg • ProCD selling mailing list generating software – 2 prices, 1 for personal 1 for business • Zeidenberg bought it as personal and created a mailing list sales business using the product. • ProCD sued saying this violated terms of the license • Terms not found on box but on click thru agmt • Ct found that Zeidenberg could be held to those terms of the click through agreement and was in violation of the software license. Mortenson v. Timberline Software • Precison Bid software • Used it and created bid $1.95 million too low • Licensing disclaimed business losses related to use of the software in excess of licensing fee • Timberline was aware of bug, did not send fix to Mortenson. • Ct. found the Timberline was not liable b/c licensing agmt. properly limited liability.